On 2015-08-21 21:12, John Andersen wrote:
On 08/21/2015 12:07 PM, Carlos E. R. wrote:
On 2015-08-21 20:13, John Andersen wrote:
I've seen these too, and got tired of them filling my logs, even though I rate-limit via Shorewall and fail2ban. (Ever-growing ban lists slow things down.)
You can do it with iptables. There is a setting in the SuSEfirewall2 file for it. It runs in RAM.
Carlos: I'm sure you realize that both susefirewall and shorewall do nothing but manage iptables rules and install them as the interface is booted.
Of course I do. But in this case, it is a single rule. There is no log watching, no modification of rules or adding lists as the intruders are found. This solution works at the kernel level.

FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"

That's all.

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
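Added example (not part of the original message and not SuSEfirewall2's own code): a shell function that turns an entry like the one above into plain iptables commands using the "recent" match, to show what such a kernel-level rate limit looks like. The function name, the INPUT chain and the exact rule layout are assumptions; the rules SuSEfirewall2 actually generates may differ.

```shell
#!/bin/sh
# Added example. Prints iptables commands; it does not run them.
# Assumes an earlier rule already accepts ESTABLISHED,RELATED traffic.

recent_rules() {
    entry=$1
    chain=${2:-INPUT}   # assumed chain name

    # Entry layout: net,protocol,dport,sport,flag[,flag...]
    old_ifs=$IFS; IFS=,; set -f
    set -- $entry
    set +f; IFS=$old_ifs
    net=$1 proto=$2 dport=$3 sport=$4
    if [ $# -ge 4 ]; then shift 4; else shift $#; fi

    hitcount='' seconds='' name=''
    for flag in "$@"; do
        case $flag in
            hitcount=*)     hitcount=${flag#*=} ;;
            blockseconds=*) seconds=${flag#*=} ;;
            recentname=*)   name=${flag#*=} ;;
        esac
    done

    # Reject anything that is not a plain number, address or identifier,
    # so a malformed entry can never become an unintended rule.
    for n in "$dport" "$hitcount" "$seconds"; do
        case $n in ''|*[!0-9]*) echo "bad entry: $entry" >&2; return 1 ;; esac
    done
    case $net in ''|*[!0-9a-fA-F.:/]*) echo "bad net" >&2; return 1 ;; esac
    case $proto in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    case $sport in *[!0-9:]*) echo "bad sport" >&2; return 1 ;; esac
    case $name in ''|*[!A-Za-z0-9_]*) echo "bad recentname" >&2; return 1 ;; esac

    match="-s $net -p $proto --dport $dport${sport:+ --sport $sport}"
    match="$match -m conntrack --ctstate NEW"

    # Rule 1: source already made $hitcount new connections within
    # $seconds: drop. --update refreshes the timer on every dropped try.
    echo "iptables -A $chain $match -m recent --name $name" \
         "--update --seconds $seconds --hitcount $hitcount -j DROP"
    # Rule 2: otherwise remember this attempt and let it through.
    echo "iptables -A $chain $match -m recent --name $name --set -j ACCEPT"
}

# The entry from the message above.
recent_rules "0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
```

With the rules in this order, a source address gets three new SSH connections per 60 seconds; the per-address state is kept by the kernel's recent table, so no log parsing or ban list is involved.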